High severity8.8NVD Advisory· Published Feb 1, 2022· Updated Jun 17, 2026
CVE-2021-24919
CVE-2021-24919
Description
The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user. leading to an SQL injection
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <2.8.10
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changeset/2651221nvdPatchThird Party Advisory
- wpscan.com/vulnerability/f472ec7d-765c-4266-ab9c-e2d06703ebb4nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.